M-EOS: modified-equilibrium optimization-based stacked CNN for insider threat detection
Wireless Networks (IF 3), Pub Date: 2024-03-10, DOI: 10.1007/s11276-024-03678-5
A. Anju, M. Krishnamurthy

Insider threats remain a serious concern for organizations, government agencies, and businesses. The most hazardous cyber attacks are normally carried out by trusted insiders rather than by malicious outsiders. Malicious behavior resulting from unplanned or planned mishandling of an organization's resources, data, networks, and systems constitutes an insider threat. Unsupervised behavioral anomaly detection methods, mostly built on traditional machine learning, identify unusual or anomalous variations in user behavior. An insider threat mainly originates from an individual inside the organization, a current or former employee who has access to sensitive information about the organization. To improve on traditional methods, this paper proposes a Stacked Convolutional Neural Network-Attentional Bi-directional Gated Recurrent Unit model to detect insider threats. The CNN-Attentional BiGRU model uses user activity logs and user information for time-series classification. Using the log files, stacked generalization learns the temporal data representations and the weekly and daily numerical features from the various CNN sub-models. Based on the chosen feature vectors, a model is trained on the CERT insider threat dataset. The stacked CNN is combined with the Attentional BiGRU model to incorporate more complex features of the user activity logs and user data during each convolution operation without increasing the number of network parameters. Classification performance is thus improved with less complexity. Non-linear time control, a chaos-based strategy, update rules, and opposite-based learning strategies are evaluated for generating the Modified-Equilibrium Optimization. In simulation, the model obtains 92.52% accuracy, 98% precision, 95% recall, and a 96% F1-score. Thus, the proposed model has reached higher detection performance.




Updated: 2024-03-11